Head of Technology Grc

Reference Code: 88931**Head of Technology GRC**:

- Richemont- Meyrin, GE, CH- PermanentRichemont owns some of the world’s leading luxury goods Maisons, with particular strengths in jewellery, fine watches and premium accessories. Each Maison represents a proud tradition of style, quality and craftsmanship and Richemont seeks to preserve the heritage and identity of each of its Maisons. At the same time, we are committed to innovation and designing new products which are in keeping with our Maisons’ values, through a process of continuous creativity.

“Digital transformation is at the forefront of our Group development. This transformation is creating new opportunities on all the areas and domains where the Group operates, while exposing the Group to new Security and Compliance challenges.

Join us if you want to play a key role in this journey by partnering with our technology functions to enable a secure innovation, while keeping our people, operations, and digital assets safe and secured”

**CONTEXT**

The Technology Governance Risk and Compliance (“Technology GRC”) function is a part of the Technology organisation of Richemont (hereafter “Group”) and reporting to the Director of the CIO Office. The function is responsible for the design, implementation and oversee of the required controls to be embedded across the technology department of the Group within the perimeter of the Group Technology organisation.

The Technology GRC function is key for all topics related to Security & Compliance in the context of technology and the implementation of the related frameworks across the Group’s technology stacks. Following the 3 lines of defence model, the Technology GRC function closely collaborates and partners with the 2nd and 3rd lines of defence functions at head quarter level but also as closely with Regions and Maisons of the Group.

**HOW WILL YOU MAKE AN IMPACT?**

Your key responsibilities will be the following:

- Lead central and regional teams of Technology experts to coordinate efforts around security and compliance activities in a consistent way across the Group.
- Own the planning and prioritization of resources across the Technology GRC teams on defined priorities and risk-based approach
- Further develop the technology capability, processes, and team structures in managing change
- Coordinate Security and Compliance assessment efforts with both external and internal stakeholders with the objective to strengthen the Group’s security and compliance posture
- Assist in development of the methodology and execution of various compliance risk assessments
- Serve as a key partner in identifying technology risks across the Group and supporting the technology teams in their remediation actions
- Partner with 1st and 2nd line of defence functions (including business contacts) in completing and reporting the assessments
- Work to compile results for senior management and prepare synthesis and summaries to facilitate strategic guidance
- Report to Group Technology top management (CIO and Group Technology leadership team) on regulatory and compliance developments and risks/issues identified within assigned Compliance area
- Continuously improve internal compliance processes and methodologies relating to the Compliance Management Program and system
- Support and guide technology projects by ensuring that required compliance and security controls are taken into consideration at the earliest
- Be an ambassador of the security/privacy by design concept and promote a risk-based approach across projects, products, and initiatives

**HOW WILL YOU EXPERIENCE SUCESS WITH US?**

This role requires:
1. Demonstrated exposure to - and understanding of - the following IT Security Risk & Compliance concepts:

- Key-Information Security principles and reference framework(s) (e.g. NIST, SOX404, ICS, PCI-DSS, etc.)
- Key-principles derived from Data Security and Privacy regulations (e.g., EU GDPR, Chinese Cyber Security Law, South Korea PIPA, etc.)
- ITIL processes are a plus
- IT Risk Management principles and experience (e.g., FAIR methodology)
- Implementation and testing of Security controls (e.g. encryption keys management, network and data flow traffic, API management, etc.) in at least one of the following contexts:

- Migration of a large infrastructure to a third-party vendor Cloud Hosting solution (e.g. Google, Amazon Webservices,..)
- Salesforce solution implementation (or equivalent)
- External and internal IT audits.

2. Proven expertise in at least 2 of the following technical domains:

- IT GRC (in non-SAP environment)
- Compliance Assessments (e.g., SOX, ICS, ISO)
- Security Assessments and definition/coordination/implementation of remediation actions (e.g., Pen’ Tests, Application Security Review, Data Privacy & Protection review, etc.)
- Implementation and design of IT Security Controls (ITGC excluded - see above examples)

3. The following experiences and qualifications:

- Large intern